Community discussions

MikroTik App
  4. RouterOS
  5. General

Web-Proxy stops working in some time

Post Reply
 
iDen
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 96
Joined: Wed Sep 15, 2010 2:26 pm
Location: Tbilisi, Georgia

Web-Proxy stops working in some time

Tue May 29, 2012 12:39 pm

Hello everyone.

I need your help. Before posting i did search but found nothing.

I have to block facebook youtube etc. For these purposes i went with transparent web proxy. But it works only few minutes after router restarted. and then it again allows everyone acces to blocked sites.
Any suggestions, tuning? Connection limits ?

Configs:
Code: Select all
ip proxy print 
                 enabled: yes
             src-address: 0.0.0.0
                    port: 8080
            parent-proxy: 0.0.0.0
       parent-proxy-port: 0
     cache-administrator: webmaster
          max-cache-size: none
           cache-on-disk: no
  max-client-connections: 600
  max-server-connections: 600
          max-fresh-time: 3d
   serialize-connections: no
       always-from-cache: no
          cache-hit-dscp: 4
             cache-drive: system
Code: Select all
/ip proxy access
add action=deny comment=fb-blc disabled=no dst-host=facebook.com dst-port=80
add action=deny comment=fb-blc disabled=no dst-host=.facebook.com dst-port=80
add action=deny comment=youtube-blc disabled=no dst-host=youtube.com dst-port=80
add action=deny comment=youtube-blc disabled=no dst-host=*tube*.com dst-port=80
Ether5 is my LAN interface gateway for lan.... i think everything is correct ...
Code: Select all
/ip firewall nat
add action=redirect chain=dstnat comment="WebProxy redirect" disabled=no dst-port=80 in-interface=ether5 protocol=tcp src-address-list=!Exception to-ports=8080
Top
 
merrywt
just joined
Posts: 17
Joined: Mon Dec 05, 2011 7:53 pm
Location: Hertfordshire, UK

Re: Web-Proxy stops working in some time

Tue May 29, 2012 5:07 pm

We use the web proxy on all of our systems and have not experienced this issue with it.

But what we do differently to your configuration is to use a parent or up stream proxy which implments the content filtering.

The reasoning behind this is that there is a very easy way to bypass the filtering that you are trying to implement - use HTTPS which you cannot transparently proxy. To get round this issue we provide a proxy pac file that the users PCs download and have also implemented WCCP on our cisco core to redirect HTTPS for those devices that don't / won't support proxy auto configuration e.g. Android, Kindle etc.

Facebook has allowed users the ability to carry out all of their session now by HTTPS which makes blocking access harder than it used to be but not impossible.

Our up stream proxy is a pair of load balanced WebSense V10000 appliances but we are support circa 15K concurrent users on the end of our ROS devices.

WebSense in not cheap but is reliable in it's web site categorisation and up time (next to zero downtime). There are others out there providing the same sort of appiance and service e.g. Fortinet.
Top
 
THIERA
just joined
Posts: 1
Joined: Tue Jun 07, 2016 8:06 am

Re: Web-Proxy stops working in some time

Sun Jun 12, 2016 2:19 pm

i have problem user the mikrotik can't block the youtube  i config 
 enabled: yes
 src-address: ::
 port: 8080
 anonymous: no
 parent-proxy: ::
 parent-proxy-port: 0
 cache-administrator: webmaster
 max-cache-size: 2048KiB
 max-cache-object-size: 2048KiB
cache-on-disk: yes
max-client-connections: 600
max-server-connections: 600
max-fresh-time: 3d
serialize-connections: no
always-from-cache: no
cache-hit-dscp: 4
cache-path: web-proxy

firewall configuration
 0    chain=srcnat action=masquerade log=no log-prefix="" 
 1    chain=dstnat action=redirect to-ports=8080 protocol=tcp src-address=0.0.0.0 dst-port=80
Top
Post Reply

Who is online

Users browsing this forum: akakua, Bing [Bot], Google [Bot] and 143 guests
  4. RouterOS
  5. General